246 matches found
PT-2013-1004
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 6.6 p1-r1 OpenSSH through 6.1 VMware vCenter Server affected versions not specified Check Point GAiA affected versions not specified Description The issue is related to a mechanism in OpenSSH that can cause a denial o...
Mac OS X OpenSSH vulnerable to denial-of-service (DoS)
Overview The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service. The OpenSSH implementation in Mac OS X is vulnerable to denial-of-service. MASAKI KATAYAMA of Appirits inc Cyber Security Laboratory reported this vulnerability to IPA. JPCERT/CC coordinated with the developer und...
DEBIAN-CVE-2011-5000
The sshgssapiparseename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service memory consumption via a large value in a certain length field. NOTE: there may be limited scenarios in which...
PT-2012-1158 · Openssh +4 · Openssh +4
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 5.8 and earlier Description: The issue allows remote authenticated users to cause a denial of service, specifically memory consumption, when gssapi-with-mic authentication is enabled. This is due to the ssh gssapi parse ename...
PT-2012-1159
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 5.7 OpenSSH versions prior to 6.6 p1-r1 Description The issue allows remote authenticated users to obtain potentially sensitive information by reading debug messages containing authorized keys command options. This ca...
Anonymous leaks PSN SSH Logs, Sony is responsible for Data Theft ?
Anonymous leaks PSN SSH Logs, Sony is responsible for Data Theft ? 1. On the Sony servers running the highly outdated Open SSH version 4.4. 2. Current version is 5.7. For those of Sony for encrypted version are used for more than five years several known security holes. 3. Sony server running in...
CVE-2008-5161
Error handling in the SSH protocol in 1 SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1;...
PT-2008-1137
Name of the Vulnerable Software and Affected Versions SSH Tectia Client and Server and Connector versions 4.0 through 4.4.11 SSH Tectia Client and Server and Connector versions 5.0 through 5.2.4 SSH Tectia Client and Server and Connector versions 5.3 through 5.3.8 SSH Tectia Client and Server and...
DEBIAN-CVE-2008-3234
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the role name, to the username...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass. OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshdconfig ForceCommand directive by modifying the .ssh/rc session file. Remediation There is no fixed version for openssh...
audit logging of failed logins
Unspecified vulnerability in the linuxauditrecordevent function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party informatio...
local to local copy uses shell expansion twice
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...
local to local copy uses shell expansion twice
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...
DEBIAN-CVE-2006-0883
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service client connection refusal by connecting multiple times to the SSH server, waiting for the...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. Remediation There is no fixed version for openssh...
CVE-2005-2797
Overview OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding "-D" option when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. Remediation There is no fixed version for openssh. References - Mindrot.org...
security flaw
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992...
PT-2004-2559 · Openssh +1 · Openssh +1
Name of the Vulnerable Software and Affected Versions: OpenSSH affected versions not specified Description: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program suc...
DEBIAN-CVE-2004-0175
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992...
DEBIAN-CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...